If you find the CyberWire a valuable resource, why not share it with friends and colleagues? Send them an Invitation to subscribe. As always, thanks for reading, and do stay in touch.
More Signal. Less Noise.
What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
One Iranian APT tracked; another has its domains seized. Russian Venezuela detachment includes cyber unit. Plea in NSA leak case?
Announcements
Find the CyberWire useful? Consider sharing it.
Summary
Symantec describes the activities of "Elfin," an Iranian group that's working against targets in Saudi Arabia and the US. Elfin's targets have been drawn largely from the "engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors." Symantec calls the group agile and active, and notes that it operates by scanning for vulnerable websites against which it deploys a range of commodity and custom-built tools. SecurityWeek notes that FireEye tracks the group as APT33. Neither Symantec nor FireEye think Elfin is the group responsible for the 2018 wave of Shamoon attacks, although Elfin and Shamoon's targets have shown some overlap.
Microsoft yesterday took down a different Iranian APT by seizing ninety-nine websites the group (which Microsoft calls "Phosphorus" and others call "Charming Kitten" or "APT35") used to stage attacks.
Newsweek and others report that a small contingent of Russian troops, two planeloads, arrived in Venezuela with the avowed purpose of assisting the Chavista regime recover from what Caracas maintains is a wave of cyberattacks and sabotage that have crippled its electrical grid. The Russian troops are said to include both special operations forces and cyber operators. Few credit the Maduro regime's hacking allegations, but that's their story and they're sticking to it. As the Military Times observes, the US wants the Russians out, and the Russians say they're staying.
The Wall Street Journal, citing court records and defense counsel's statements, reports that former NSA contractor Hal Martin is today expected to plead guilty to charges involving theft of classified material.
Notes.
Today's issue includes events affecting Australia, Belgium, China, Czech Republic, European Union, Iran, Israel, Jordan, Morocco, NATO/OTAN, Russia, Saudi Arabia, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States, and and Venezuela.
Global Threat Report: Year of the Next-Gen Cyberattack
Our Threat Analysis Unit researched the current state of cyberattacks across our customer base with our IR partners. See the results.
On the Podcast
In today's podcast, out later this afternoon, we speak with our partners from Lancaster University, as Daniel Prince discusses cyber risk management. Our guest, Satish Thiagarajan from Tata Consultancy Services, talks about customizing machine learning to combat cyber attacks.
And Hacking Humans is up. In this week's episode, "Pick a persona to match the goal," we follow up on remotely previewing websites. Joe has the story of scammer bilking Facebook and Google out of millions. Dave reviews best practices for deleting data on devices you dispose of. The catch of the day is an offer of criminal partnering with the CIA. Our guest is Jeremy N. Smith, author of the book Breaking and Entering: the extraordinary story of a hacker called "Alien".
Sponsored Events
Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
'Russian playbook' remains after Mueller report wraps up (Star Tribune) The collusion question now answered, another one looms ahead of 2020: Will U.S. elections be secure from more Russian interference?
Gustuff Android banking trojan targets 125+ banking, IM, and cryptocurrency apps (ZDNet) Gustuff also possesses a feature unique among all Android banking trojans.
Iran-Linked Cyberspy Group APT33 Continues Attacks on Saudi Arabia, U.S. (SecurityWeek) An Iran-linked cyberespionage group tracked as Elfin and APT33 continues targeting organizations in Saudi Arabia and the United States, including via a recently patched WinRAR vulnerability.
Likud and Labor apps pose major security risks - report (The Jerusalem Post) Likud fixed the breach as soon as the company informed the party of it, Mako reported. A Labor spokesperson told the site that Check Point's claim "is not true."
Elfin espionage group is focused on Saudi, U.S. organizations, Symantec says (CyberScoop) In the last three years, a suspected Iranian cyber-espionage group has targeted organizations in Saudi Arabia and the United States in attacks spanning several sectors, researchers from cybersecurity company Symantec said Wednesday.
Islamic State Leader Goes Low-Tech to Evade Capture (Wall Street Journal) Abu Bakr al-Baghdadi has managed to slip through the net of the world’s intelligence agencies by shunning computers and mobile phones in favor of human messengers.
Microsoft takes down sites tied to suspected Iranian hackers (TheHill) Microsoft said Wednesday that it obtained a court order last week to seize and shut down websites used by Iranian hackers.
Analysis | The Cybersecurity 202: Microsoft's takedown of Iranian fake sites shows 'creative lawyering,' experts say (Washington Post) Companies are increasingly taking the fight against hackers into their own hands.
New Android malware targets 32 cryptocurrency apps and 100 international banks (Hard Fork | The Next Web) Meet "Gustuff," the new Trojan horse virus that's out to steal your cryptocurrency (and your fiat!) from your online accounts.
North Korean hackers continue attacks on cryptocurrency businesses (ZDNet) Lazarus Group hackers seamlessly integrate Mac malware into their normal attack routine.
A rogue’s gallery of bad actors is exploiting that critical WinRAR flaw (Ars Technica) Code-execution vulnerability is being used to install password stealers and much more.
AZORult Variant Can Establish RDP Connections (SecurityWeek) A C++ variant of the AZORult data stealer includes the ability to establish a remote desktop connection compromised devices, Kaspersky Lab’s security researchers have discovered.
Power Outages in Venezuela Continue Under Maduro’s Leadership (Accuracy in Media) Political, social, and economic tensions continue to grow in every Venezuelan city and town. On Monday, the country’s main hydroelectric dam suffered another power outage.
The blackout left almost 91 percent of Venezuela without an Internet connection.
As ironic as it is, Nicolas Maduro’s regime
Half of industrial control system networks have faced cyberattacks, say security researchers (ZDNet) But in many cases they are not deliberately targeted and only fall victim because of poor security.
Threat Landscape for Industrial Automation Systems in H2 2018 (Securelist) Kaspersky Lab ICS CERT team publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2018.
Hackers are causing blackouts. It's time to boost our cyber resilience (World Economic Forum) A well-orchestrated cyber attack on electricity infrastructure would result in damages to households, businesses and vital institutions.
US senators ask NERC about efforts to protect grid from Russian, Chinese cyberattacks (S&P Global) Manchin, King worry about components, software NERC says it uses E ISAC to share risk information A pair of US senators on Wednesday asked the North American Electric Reliability Corporation what it w
DragonEx exchange hacked, smoking ashes being raked over (Naked Security) “Part” of its assets have been retrieved, and they’ve got an address for a suddenly much plumper Bittrex wallet.
Norsk Hydro: true motivation? chance of recovery? LockerGoga key? (SC Magazine) Norsk Hydro may have lost £30m following the LockerGoga ransomware attack and there's speculation about the chance of recovery, the true motivation of the attack, and the existence of a kill switch.
Facebook and Instagram finally ban white nationalism posts (The Telegraph) Facebook has finally banned white nationalism on its services, reversing a long-held policy that such activity was not necessarily racist.
Facebook Is Reviewing its Policy on White Nationalism After Motherboard Investigation, Civil Rights Backlash (Motherboard) "Facebook ignores centuries of history, legal precedent, and expert scholarship that all establish that white nationalism and white separatism are white supremacy."
Far-right turn to niche social network amid Facebook crackdown (The Telegraph) Far-right activists in Australia who have been banned by major social networks including Twitter and Facebook have turned to a niche social network popular with online extremists.
Security Patches, Mitigations, and Software Updates
ASUS Patches Hijacked System Update Utility (SecurityWeek) ASUS has released a fix for the Live Update utility exploited by threat actors in the Operation ShadowHammer supply chain attack to deliver malware to hundreds of users.
Cisco Releases Flood of Patches for IOS XE, But Leaves Some Routers Open to Attack (Threatpost) The networking giant issued 27 patches impacting a wide range of its products running the ISO XE software.
Cyber Trends
The latest dark web cyber-criminal trend: Selling children's personal data (ZDNet) Fraudsters are looking for a clean credit history, and are using stolen identities to create them.
What’s Cyber Insurance & How Can It Protect My Business? (Bytestart) If you’re reading this, there’s a good chance cyber security is already on your radar. That’s a good place to have it, because cybercrime is relentlessly on the up. Data breaches…
New Cybersecurity Threats Loom Along the Tech Frontier (Northrop Grumman) Fighting cybersecurity threats is a chess match with ever-changing rules.
Third-party cyber risk management is a burden on human and financial resources (Help Net Security) Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective.
Marketplace
Trump says Google is committed to US not Chinese military (Military Times) Amid growing concern about the risks of Google and other U.S. companies doing business in China, President Donald Trump said Wednesday that the CEO of Google has
Exclusive: Told U.S. security at risk, Chinese firm seeks to sell... (Reuters) Chinese gaming company Beijing Kunlun Tech Co Ltd is seeking to sell Grindr LLC,...
ZTE to boost 5G, cybersecurity initiatives after record US$1 billion loss in 2018 (South China Morning Post) The Chinese telecoms equipment giant expects to turn its fortunes around with a first-quarter net profit of up to US$179 million.
NSO Group responds to spyware abuse allegations with spin (CPJ) Entering the terms “NSO Group,” “journalists,” and “spying” into a Google search from a workstation in New York City recently produced a sponsored search result at the top of the page. The NSO Group manufactures some of the world’s most sophisticated and high-profile spyware, and its sponsored link invites...
PayPal, Oracle and SAP cut hundreds of jobs around the Bay Area (Silicon Valley Business Journal) Oracle, SAP and PayPal are all cutting hundreds of local jobs as analysts say economic jitters are setting in for some major employers.
This cybersecurity founder's path from liquor store, to hacking group, to Cisco (CRN) Duo Security's former CEO Dug Song opens up on a colourful journey that eventually saw him sell his business to Cisco for over $2bn
San Jose Wi-Fi tech company Quantenna to be acquired in $1B deal (Silicon Valley Business Journal) Company expects deal to close in the second quarter
MoFo, O’Melveny Shape $1.07B Semiconductor Merger (Law360) ON Semiconductor on Wednesday agreed to buy WiFi chipset maker Quantenna Communications for roughly $1.07 billion, with ON saying the acquisition stands to strengthen its ability to serve the industrial and automotive markets, in a deal guided by law firms Morrison & Foerster LLP and O'Melveny & Myers LLP.
Senetas ready to pull up stumps (InnovationsAus.com) Leading Australian encryption technology provider Senetas will move offshore unless a series of changes are made to the government’s highly controversial Assistance and Access laws, as the local tech community unites to fight for amendments.
Scale Venture Partners promotes Jeremy Kaufmann to Principal, welcomes Senior Associate Oana Oteanu (Scale Venture Partners) ScaleVP’s investing team continues to deepen its artificial intelligence and machine learning expertise
Three Top Boston Executives Join Advanced Cyber Security Center Board of Directors (Globe Newswire) Rick Grinnell (Partner, Glasswing Ventures), John Letchford (CIO, UMass President’s Office) and Adeel Saeed (CISO, State Street) augment executive leadership of regional cybersecurity collaborative
Products, Services, and Solutions
The Respond Analyst™ Extends Its Automation Capabilities to Give Security Teams More Visibility and Better Results - Respond Software (Respond Software) Extended vendor coverage and a new deductive processing feature enhance the product’s automated judgement skills to augment security teams in their efforts to defend their enterprise. MOUNTAIN VIEW, Calif.—March 26, 2019— Respond Software, innovators...
FolderSecurityViewer now shows NTFS-Permissions for users on a specific folder (UNITED NEWS NETWORK GmbH) Gain GDPR compliance with Permission Reports for Windows Fileserver
Crypnotic Launches First-of-its-Kind Cryptocurrency Social Media Platform (PR Newswire) Crypnotic today announced the launch of its the first-of-its-kind cryptocurrency social media platform, which...
Technologies, Techniques, and Standards
Exclusive: Fearful of fake news blitz, U.S. Census enlists help of... (Reuters) The U.S. Census Bureau has asked tech giants Google, Facebook and Twitter to hel...
Former CIA leaders give ‘briefing book’ to 2020 candidates to counteract ‘fake news’ and ‘foreign election interference’ (Washington Post) The document is modeled on the classified intelligence briefing given to presidential nominees.
What to Do When the Russian Government Wants to Blackmail You (The Atlantic) Russian officials have a long history of using compromising material, or kompromat, as a weapon against political opponents.
The MITRE ATT&CK Framework – A Sign of the Times (ThreatQuotient) The security industry is placing greater emphasis on technologies, tools and processes. One of the most interesting is the MITRE ATT&CK Frameworks™
Security pros raged when NIST turned off its website. Will it happen again during the next shutdown? (Fifth Domain) “We got a lot of negative email on that,” confirmed Ron Ross a fellow at NIST that focuses on cybersecurity, systems security engineering, and risk management.
This new Army unit could help the US win the next Cold War (Army Times) With China and Russia on the rise, it's going to take all hands to deter a war.
Design and Innovation
Why 2019 will prove biometrics aren’t a security “silver bullet” (SC Media) Over the past decade, technology giants like Microsoft, Google and Apple have been raging an all-out war against the use of passwords with new
Research and Development
Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis (ResearchGate) Download Citation on ResearchGate | Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis | Objectives To investigate whether and how user data are shared by top rated medicines related mobile applications (apps) and to characterise privacy risks to app users, both clinicians and consumers. Design Traffic, content, and network analysis. Setting Top rated medicines...
Legislation, Policy and Regulation
Russian cyber experts sent to Venezuela ‘to prop up Maduro’ (Times) Russia has bolstered the embattled regime of President Maduro in Venezuela by deploying military cyber-security personnel to the country, an American official has claimed. Russia’s foreign ministry...
Take your troops out of Venezuela, Trump tells Russia (Times) President Trump has called on Russia to “get out” of Venezuela after it deployed troops and equipment in the crisis-torn country. American officials said the Russian team that arrived in Caracas at...
Russian troop deployment to Venezuela ‘fully legitimate,’ official dismisses US demands for withdrawal (Military Times) Russia has scoffed at the U.S. demand to withdraw its military personnel from Venezuela, saying that their presence in the country is fully legitimate.
Huawei Equipment Has Major Security Flaws, U.K. Says (Wall Street Journal) British officials accused Huawei of repeatedly failing to address security flaws in its products and said the company hasn’t demonstrated a commitment to fixing them.
EU Presents Plan for Safe 5G Amid Huawei Suspicions (SecurityWeek) The European Commission presented its plan to ensure the secure introduction of 5G telecoms networks, with suspicions hanging over Chinese giant Huawei.
5G network security: EU-wide approach urged | Government Europa (Government Europa) The European Commission has recommended a range of measures to safeguard high levels of cybersecurity across the EU’s 5G networks.
Why Australia banned Huawei's 5G equipment — as explained by the leader who did it (CNBC) Malcolm Turnbull explained the company that provides and maintains 5G infrastructure has the capability to act adversely to a country's national interest, but he added he's not suggesting China's Huawei would actually do that.
Is Huawei a Pawn in the Trade War? (Foreign Affairs) The company's troubles are linked to the politics of the global tech race.
What is Article 13? The EU's divisive new copyright plan explained (WIRED UK) Article 13 of the EU's new copyright directive has sparked huge controversy online, with YouTube campaigning strongly against the proposal. We explain why
Pakistan’s cyberspace at the mercy of hackers (The Express Tribune) Officials, experts say need to enact cybersecurity, data protection laws dire
ASD distances offensive cyber ops from 'cavalier hackers' (iTnews) Makes ‘live job advertisement’ for skills.
AEC prepared for election cyber attack (SBS News) The Australian Electoral Commission is preparing to counter cyber attacks during the federal election, as Microsoft seeks global action to protect democracy.
Air Force’s New Fast-Track Process Can Grant Cybersecurity Authorizations In One Week (Nextgov.com) The process is a mix of quick but comprehensive testing up front followed by continuous monitoring through the life of the app.
Litigation, Investigation, and Enforcement
FTC investigates whether ISPs sell your browsing history and location data (Ars Technica) AT&T, Comcast, Verizon, T-Mobile, Google face probe into privacy and targeted ads.
NotPetya act of war exclusion spreads to second insurer (Verdict) A second insurer has refused to pay out over the NotPetya cyberattack based on an act of war exclusion, prompting growing concerns for businesses.
Global police arrest dozens of people in dark web sting (WeLiveSecurity) Law enforcement from Europe, the US and Canada have cracked down on dozens of people who reportedly sold and bought illicit goods on the dark web.
Former NSA Contractor Expected to Plead Guilty This Week for Theft of Top Secret Documents (Wall Street Journal) A former National Security Agency contractor who was scheduled to go to trial in June on charges of removing a huge amount of classified material from the agency’s headquarters is expected to plead guilty on Thursday.
Glen Burnie man accused of stealing millions of classified NSA documents expected to plead guilty (Baltimore Sun) Glen Burnie resident Harold Martin, who allegedly stole half a billion classified government documents, has scheduled a re-arraignment hearing this week.
Mueller Grand Jury Proceeding 'Robustly,’ Prosecutor Tells Judge (New York Law Journal) Unidentified foreign government-owned company, represented by Alston & Bird, requests continued secrecy at hearing Wednesday in D.C. federal court.
Comey: ‘It doesn’t make sense’ that Mueller didn’t rule on obstruction of justice (Washington Post) The former FBI director spoke to Lester Holt of “NBC Nightly News” about the Russia investigation.
Comey wrong to see obstruction in firing: Ken Starr (Fox News) Former Independent Counsel to President Clinton Ken Starr believes that former FBI director James Comey was wrong to say in an NBC interview that his firing was “potentially obstruction of justice.”
Obama, Pelosi stress pragmatism as Democrats seek to move past Mueller report (Washington Post) The party appeared eager Tuesday to pivot to issues of greater concern to voters, including health care and fair pay.
‘Undoubtedly there is collusion’: Trump antagonist Adam Schiff doubles down after Mueller finds no conspiracy (Washington Post) Republicans say Rep. Schiff should resign as chairman of the House Intelligence Committee, and the president wants him banned from cable news. But Schiff refuses to let the collusion question go until lawmakers can assess the investigative materials that informed the special counsel’s findings.
Taibbi: As the Mueller Probe Ends, New Russiagate Myths Begin (Rolling Stone) Donald Trump couldn’t have asked for a juicier 2020 campaign issue
Rand Paul: Former Obama CIA chief promoted ‘dossier,’ demands investigation of Obama team (Washington Examiner) Sen. Rand Paul escalated his demand for an investigation into former Obama officials who “concocted” the anti-Trump Russia scandal, revealing that former CIA Director John Brennan was the key figure who legitimized the charges and discredited “dossier” against the president.
Here’s How The Steele Dossier Spread Through The Media And Government (Daily Caller) More than 15 journalists and multiple government officials handled salacious report
Kushner provides documents to House Judiciary in obstruction probe (CNN) President Donald Trump's son-in-law Jared Kushner is providing records to the House Judiciary Committee for its probe into obstruction of justice, according to a person with knowledge of the matter.
US Embassy pressed Ukraine to drop probe of George Soros group during 2016 election (TheHill) The Obama administration took the rare step of trying to press the Ukrainian government to back off an investigation.
J-Code Arrests 61, Seizes $4.5 Million in Crypto from Dark Web Traffickers (Coinnounce) J-Code or the Joint Criminal Opioid and Darknet Enforcement team has arrested 61 people and seized around $4.5 million in cryptocurrency during the Operation SaboTor which targets the drug traffickers worldwide that operate on the dark web. The J-Code comprises of organizations such as the Federal Bureau of Investigation, Durg Enforcement Administration, Health and […]
Police Raid Sweden’s Leading Bank as Russian Money Laundering Scandal Spreads (Wall Street Journal) Police raided the headquarters of Swedbank as it faces suspicions of illegally tipping off shareholders that a TV report would accuse the lender of helping launder billions of dollars in illicit funds from Russia.
Industry Events
newly Noted Events
NIST IT Security Day (Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards and Safety (NIST) advances our nation's technology infrastructure. Approximately 1,000 of the employees making that happen at NIST gather at their annual IT Security Day, which increases awareness of operational IT security and networking both at home and in the office.
upcoming Events
Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate to protect America's critical industries: Oil & Gas, Energy, Renewables, Chemical, Utilities, Mining, Water, Power, and Maritime. 2019's agenda includes: real-life case studies, focus groups, panel discussions, roundtables, 6+ hours of structured networking, and specialized IT & OT streams as well as plenary sessions addressing common challenges. The third day features an exclusive case-study-based workshop to those who dare asking 'why are critical infrastructure assets so easy to attack?' and 'how would we cope if internet and telecommunications outages lasted for days?'
SecureWorld Boston (Boston, Massachussetts, USA, March 27 - 28, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
Symposium on Securing the IoT (San Francisco, California, USA, March 27 - 29, 2019) Want to share your passion and knowledge for Securing the 25 Billion devices connected to the Internet? Topics currently being selected for tracks include: Authenticating Blockchain, Secure Medical & Healthcare, Industrial IoT, Smart Cities, Buildings & Vehicles, Embedded IoT Security, Secure Payment, Consumer IoT and Standardization.
Women in CyberSecurity (WiCyS) Conference (Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation in cyber by recruiting, retaining, and advancing females in the field of cybersecurity.
Mid-Atlantic Collegiate Cyber Defense Competition (Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)—presented by the National CyberWatch Center—is a unique experience for college and university students to test their knowledge and skills in a competitive environment. The finals are in March; qualifier rounds will be held on February 11,12, and 16, 2019.
Sponsor & Support
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.